ID CVE-2014-2226
Summary Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:ui:unifi_controller:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:ui:unifi_controller:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ui:unifi_controller:2.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:ui:unifi_controller:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ui:unifi_controller:2.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:ui:unifi_controller:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ui:unifi_controller:2.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:ui:unifi_controller:2.4.6:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 10-06-2019 - 18:34)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:N/A:N
refmap via4
bid 68869
fulldisc 20140724 CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog
misc
Last major update 10-06-2019 - 18:34
Published 29-07-2014 - 14:55
Last modified 10-06-2019 - 18:34
Back to Top